openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: [DISCUSS] What Would OpenOffice Retirement Involve? (long)
Date Fri, 02 Sep 2016 02:26:51 GMT
Hi Dennis,

I don't have objections to this topic, but I feel I need to make a few suggestions before
this thread is either ignored or a confused mess.

(1) a long, official policy statement like this is best put into a wiki page where many can
edit it and it can be an easy discussion and not a confused email mess that is started with
something that is tl:dr. The maturity model was recently developed by the comdev participants
on the wiki and email
Effectively. This document needs to be developed in the same way.

(2) why is this cross posted to private and DEV? To do so implies that there is some other
non-open discussion in parallel. You and I have run into unexpected results from this strange
cross posting practice of yours (hi Simon)

(3) I think that working towards being able to release rather than patch as Patricia has suggested
is our best way to solve the security issue. The quick patch is not much faster and has been
proven to be more of a challenge then kick starting the broken build process.

Regards,
Dave

Sent from my iPhone

> On Sep 1, 2016, at 4:37 PM, Dennis E. Hamilton <orcmid@apache.org> wrote:
> 
> Here is what a careful retirement of Apache OpenOffice could look like.
> 
>              A. PERSPECTIVE
>              B. WHAT RETIREMENT COULD LOOK LIKE
>                 1. Code Base
>                 2. Downloads
>                 3. Development Support
>                 4. Public-Project Community Interfaces
>                 5. Social Media Presence
>                 6. Project Management Committee
>                 7. Branding
> 
> A. PERSPECTIVE
> 
> I have regularly observed that the Apache OpenOffice project has limited capacity for
sustaining the project in an energetic manner.  It is also my considered opinion that there
is no ready supply of developers who have the capacity, capability, and will to supplement
the roughly half-dozen volunteers holding the project together.  It doesn't matter what the
reasons for that might be.
> 
> The Apache Project Maturity Model,
> <http://community.apache.org/apache-way/apache-project-maturity-model.html>, identifies
the characteristics for which an Apache project is expected to strive. 
> 
> Recently, some elements have been brought into serious question:
> 
> QU20: The project puts a very high priority on producing secure software.
> QU50: The project strives to respond to documented bug reports in a timely manner.
> 
> There is also a litmus test which is kind of a red line.  That is for the project to
have a PMC capable of producing releases.  That means that there are at least three available
PMC members capable of building a functioning binary from a release-candidate archive, and
who do so in providing binding votes to approve the release of that code.  
> 
> In the case of Apache OpenOffice, needing to disclose security vulnerabilities for which
there is no mitigation in an update has become a serious issue.
> 
> In responses to concerns raised in June, the PMC is currently tasked by the ASF Board
to account for this inability and to provide a remedy.  An indicator of the seriousness of
the Board's concern is the PMC been requested to report to the Board every month, starting
in August, rather than quarterly, the normal case.  One option for remedy that must be considered
is retirement of the project.  The request is for the PMC's consideration among other possible
options.  The Board has not ordered a solution. 
> 
> I cannot prediction how this will all work out.  It is remiss of me not to point out
that retirement of the project is a serious possibility.
> 
> There are those who fear that discussing retirement can become a self-fulfilling prophecy.
 My concern is that the project could end with a bang or a whimper.  My interest is in seeing
any retirement happen gracefully.  That means we need to consider it as a contingency.  For
contingency plans, no time is a good time, but earlier is always better than later.
> 
> 
> B. WHAT RETIREMENT COULD LOOK LIKE
> 
> Here is a provisional list of all elements that would have to be addressed, over a period
of time, as part of any retirement effort.   
> 
> In order to understand what would have had to happen in a graceful process, the assumption
below is that the project has already retired.
> 
> Requests for additions and adjustments to this compilation are welcome.
> 
> 1. CODE BASE
> 
>    1.1 The Apache OpenOffice Subversion repository where code is maintained has been
moved to "The Attic."  Apache Attic is an actual project, <http://attic.apache.org/>.
 The source code would remain
> available and could be checked-out from Subversion by anyone interested in making use
of it.  There is no means of committing changes.
> 
>    1.2 Apache Externals/Extras consists of external libraries that are relied upon by
the source code but are not part of the source code.  These were housed on SourceForge and
elsewhere.  (a) They might have been archived in conjunction with the SVN (1.1).  (b) They
might be identified in a way that someone attempting to build from source later on would be
able to work with later versions of the external dependencies.  There are additional external
dependencies that might have become obsolete.
> 
>    1.3 Build Dependencies/Tool Chains.  The actual construction of the released binaries
depends on particular versions of specific tools that are used for carrying out builds of
binaries from the source.  The dependencies as they last were used are identified in a historical
location.  Some of the tools and their use become obsolete over time.
> 
>    1.4 GitHub Mirror.  For the GitHub Mirror of the Apache OpenOffice SVN (a) pull requests
are not accepted.  (b) Continuation of the presence of the GitHub repository might be shut
down at some point depending on GitHub policy and ASF support.
> 
> 2. DOWNLOADS
> 
>    2.1 The source code releases, patches, and installable binaries are all retained in
the archive system that is already maintained.  There are no further additions.
> 
>    2.2 The downloading of full releases is supported on the SourceForge mirroring system.
 There are no new downloads.  How long until SourceForge retires its support for downloads
is not predictable (and see 4.3).  
> 
>    2.3 The Apache OpenOffice Extensions and Templates system is an independent arrangement
hosted and curated on SourceForge.  Whether and how long the download service is preserved
by SourceForge is not predictable.
> 
>    2.4 The mechanism for announcing updates to installed versions of OpenOffice binaries
is adjusted to indicate that (a) particular versions are no longer supported.  (b) For the
latest distribution(s), there may be advice to users about investigating still-supported alternatives.
 
> 
> 3. DEVELOPMENT SUPPORT
> 
>    3.1 The Apache OpenOffice Bugzilla is mirrored in The Attic.  The Bugzilla is read-only
and preserved for historical purposes.
> 
>    3.2 The Pootle materials used for the development of localizations are exported and
archived.
> 
>    3.3 The Confluence Wiki operated by the project is preserved in a read-only state:<https://cwiki.apache.org/confluence/display/OOOUSERS/>.

> 
>    3.4 The commits@ and issues@ mailing lists are shut down although archived.
> 
> 4. PUBLIC PROJECT-COMMUNITY INTERFACES
> 
>    4.1 All public discussion mailing lists are shut down.  They are all archived and
accessible from The Attic.  
> 
>    4.2 The dev@ list was the last to shut down, having been used during orchestration
of the retirement.
> 
>    4.3 The http://openoffice.org site is static and uneditable.  The CMS functions for
contribution to the site are disabled.  Over the course of retirement, key pages of the site
were updated to reflect the retirement activity and to eventually end some of the functions,
such as information on how to contribute, how to obtain the software, how to obtain help,
branding requirements, etc.  
> 
>    4.4 The Wikimedia subsite of openoffice.org is read-only and static.  No contributions
or edits can be made.  At some point, the Wikimedia server will need to be shut down and (a)
the server is shutdown/moved with openoffice.org indicating that the wiki is unavailable.
 (b) Only a static form of the pages is provided. (c) Alternative hosting and rebranding is
achieved.
> 
>    4.5 The OpenOffice Community Forums were semi-autonomous.  (a) The server is retired.
 (b) The site is rehosted and rebranded by agreement with the Apache OpenOffice project and
the ASF.  
> 
> 
> 5. SOCIAL MEDIA PRESENCE
> 
>    5.1 The Apache Planet OpenOffice Blog is terminated with the announcement that Retirement
is complete.
> 
>    5.2 The Twitter account is terminated.
> 
>    5.3 Any Facebook page under control of the project is closed.
> 
>    5.4 The announce@ list is terminated and archived with the announcement of Retirement
completion.
> 
> 
> 6. PROJECT MANAGEMENT COMMITTEE
> 
>    6.1 With completion of the retirement, the private@ and security@ openoffice.org lists
were shutdown (although archived as are all such lists).
> 
>    6.2 The Project Management Committee is disbanded and the Chair is relieved.
> 
>    6.3 There is no longer any identified operation for continuation of the project except
as specified for The Attic.
> 
> 
> 7. BRANDING
> 
>    7.1 With the cessation of releases, it is made widely known that official releases
other than the last ones provided by the project are not the work of Apache OpenOffice and
any claimed association, justification for charge of fees and for carrying of advertising
are not in support of the Apache OpenOffice project.  This notification will also be made
to those organizations that carry offerings to the contrary (e.g., eBay).
> 
>    7.2 There is no point of contact, other than branding@ apache.org, for request to
make use of the brands.
> 
>    7.3 There is no active attention to preservation of the trademarks related to Apache
OpenOffice.  (a) Inappropriate use of Apache and its symbols in names of offerings will be
defended when brought to the attention of branding@.  (b) Uses of OpenOffice, Open Office,
openoffice.org and other similarities without attribution to Apache are not addressed.
> 
>                                    *** end of the list as of 2016-09-01 ***
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message